Supply Chain

marimo Pre-Auth RCE Weaponized in 72 Hours; NKAbuse Botnet Staged on HuggingFace Spaces

CVE-2017-5638 CVE-2026-39987 NKAbuse Net Crawler Royal

CVE-2026-39987, a critical pre-authentication RCE in the marimo reactive Python notebook platform, was weaponized within three days of its April 8 disclosure, with Sysdig TRT confirming multiple attacks by April 11 and capturing a previously undocumented NKAbuse variant staged on HuggingFace Spaces. The actor exploited HuggingFace's high developer trust and frequent allow-listing as a malware CDN — a tactically sound choice for reaching data science workloads. NKAbuse's use of the NKN blockchain protocol for C2 structurally resists traditional infrastructure takedown and sinkholing, giving this botnet a meaningful operational longevity advantage over conventional C2 architectures. The entry also tags CVE-2017-5638 (Apache Struts, EPSS 0.943, in KEV since 2022), and the appearance of 'Royal' in the software entities warrants monitoring for a potential ransomware-as-second-stage pivot.

The 72-hour disclosure-to-weaponization window against developer tooling, combined with HuggingFace staging and blockchain C2, describes an actor running a pre-positioned rapid exploitation playbook — not an opportunistic scanner. The HuggingFace angle specifically should prompt a review of whether your threat intel and endpoint controls treat downloads from model hosting platforms with the same scrutiny as generic CDNs, because they frequently don't.

Three-day disclosure-to-weaponization plus HuggingFace as malware CDN plus NKN blockchain C2 is a pre-positioned playbook, not opportunistic scanning — and data-science workloads are exactly the kind of high-privilege, loosely-governed endpoints that benefit from trusting model-hosting infra by default. The Royal tag in extracted software warrants watching for a ransomware second stage; NKN-based C2 is also a longevity pattern other crews will copy once this writeup circulates.

Editorial

The blockchain C2 thread flagged yesterday just cashed out in concrete form. The Marimo exploitation chain — now a week old and still generating entries — terminates in Sysdig's discovery of an undocumented NKAbuse variant staged on HuggingFace Spaces and beaconing over NKN. That's the UNC5142/UNC5342 tradecraft pattern proliferating into opportunistic commodity operations faster than expected, and it pairs with the malicious LLM proxy router finding to form a coherent message: AI/ML platforms are being treated as generic CDNs by allow-list policy, but they now host both C2 staging and hostile egress infrastructure. If the enterprise AI rollout delegated proxy configuration to application teams without central network visibility, that's the control gap being monetized today.

The counter-signal is a 17-year-old Excel bug (CVE-2009-0238) landing in KEV with confirmed exploitation on the same cycle that shipped an already-exploited SharePoint flaw (CVE-2026-32201). One cohort is building blockchain-resilient C2; another is exhuming bugs older than the analysts triaging them — and both are working. Add Sandworm teaming with NoName057 against a Swedish thermal plant, and the week's connective tissue is clear: the attack surface is widening at both temporal extremes and across the state/criminal/hacktivist boundary simultaneously. Vulnerability management scoring that implicitly privileges "recent" is mis-calibrated for this threat environment, and the Rapid7 pre-KEV triage list of 19 Microsoft "more likely to be exploited" CVEs is the right artifact to cross-reference against internet-exposed and privileged-access assets before next week's additions prove the point.

Notable

Vulnerabilities

CVE-2009-0238: Seventeen-Year-Old Excel Flaw Enters KEV With Active Exploitation

CVE-2009-0238 CVE-2026-32201 CVE-2026-33824 CVE-2026-33825

CISA added CVE-2009-0238, an Excel vulnerability first published in February 2009 with CVSS 9.3 and a current EPSS of 0.572, to the KEV catalog with a remediation deadline of 2026-04-28, confirming active attacks against the 17-year-old flaw. The elevated EPSS is algorithmically significant — it reflects recent exploitation telemetry biasing the model, meaning attacker interest is measurably elevated now rather than being a stale residual score. CVE-2026-32201, a SharePoint Server input validation flaw allowing pre-authentication network spoofing, is also confirmed exploited in the wild and carries the same KEV deadline of 2026-04-28. No attribution has been published for either exploitation chain.

The Excel CVE revival is most concerning for environments where Office patch cycles have been deferred due to macro compatibility concerns or legacy line-of-business application dependencies — a pattern disproportionately common in financial services operations. The absence of attribution here is itself notable; a 17-year-old CVE with a 0.572 EPSS and no named actor suggests either a novel exploitation path rediscovery or a deliberate choice to weaponize a bug that many defenders have mentally retired.

EPSS at 0.572 on a 2009 CVE is a telemetry artifact of *current* attacker interest, not a stale residual — the model is telling you someone is actively using this right now. Pairs cleanly with the SharePoint zero-day (CVE-2026-32201) from yesterday's Patch Tuesday; environments where Office patching was deferred for macro or LOB compatibility are the target profile.

Vulnerabilities

Rapid7: Microsoft Self-Flags 19 April CVEs as 'More Likely' To Be Exploited

CVE-2026-32201 CVE-2026-33824 CVE-2026-33825

Rapid7's April 2026 Patch Tuesday analysis confirms 167 Microsoft CVEs — including 80 browser CVEs counted separately — with Microsoft's own exploitation likelihood assessments designating 19 as 'more likely to see future exploitation.' CVE-2026-32201 (SharePoint, KEV 2026-04-28) is the sole confirmed-exploited entry at publication time, with CVE-2026-33824 and CVE-2026-33825 also tracked in Rapid7's coverage. The 19-CVE exploitation-likely list represents Microsoft's internal threat intelligence team's forward-looking assessment, making it a pre-KEV indicator of near-term weaponization candidates.

Microsoft's 'exploitation more likely' designations on 19 CVEs in this batch are an underutilized triage input — they represent the judgment of Microsoft's own detection engineering and threat intel teams, not a CVSS formula. In a 167-CVE cycle, cross-referencing that specific list against your internet-exposed and privileged-access asset inventory is the most efficient path to a second-tier remediation queue beyond the KEV entries.

Microsoft's internal exploitation-likelihood designation is the most underused triage input in the ecosystem — it's the judgment of MSRC's own detection-engineering and threat intel teams, not a CVSS formula. In a 167-CVE cycle, that 19-CVE list is the efficient second-tier queue once the KEV entries are handled.

Malware

Malicious LLM Proxy Routers in the Wild; Scattered Spider Among Cited Actors

CVE-2025-0520 CVE-2026-32201 CVE-2026-5194 APT3 APT37 Scattered Spider Milan UPPERCUT

Risky Biz News reports on malicious LLM proxy router infrastructure deployed in the wild, with activity attributed across APT3 (China), APT37 (North Korea), and Scattered Spider (UNC3944, financially motivated) — actors with entirely different sponsor contexts and operational models, almost certainly representing distinct campaign items within the newsletter's roundup format rather than a coordinated joint operation. Tooling includes Milan and UPPERCUT; UPPERCUT has historical APT10/MenuPass associations rather than APT3, flagging a potential attribution precision issue or evidence of cross-group tool sharing in the source reporting. The malicious proxy technique involves adversary-controlled LLM API infrastructure positioned to intercept, exfiltrate, or manipulate enterprise AI traffic. CVE-2026-5194 (EPSS 0.00035) and CVE-2025-0520 (EPSS 0.020) are also tagged but carry minimal exploitation signal.

The three-actor framing should not be read as a coordinated joint operation — it isn't. What is independently significant is Scattered Spider's apparent pivot toward AI infrastructure targeting: this group's demonstrated track record against financial services firms via social engineering, combined with LLM proxy interception techniques, describes a threat model directly relevant to institutions running internal LLM services or routing to third-party AI APIs through enterprise gateways. Verify that your AI API traffic paths are not traversing adversary-controlled infrastructure, particularly in environments where LLM proxy configuration has been delegated to application teams without central network visibility.

The three-actor framing (APT3, APT37, Scattered Spider) is almost certainly a newsletter-roundup artifact rather than a joint op — and the UPPERCUT/APT3 pairing specifically looks like an attribution slip (UPPERCUT is APT10/MenuPass tooling). What matters for us is Scattered Spider pivoting toward AI infrastructure: a group with a demonstrated financial-services track record via social engineering now moving against LLM traffic paths is a direct threat-model update.

Privacy

Salt Typhoon Operational Security and Critical Infrastructure Targeting: Deep-Dive

Salt Typhoon Attor CALENDAR Qilin

Long-form technical analysis of Salt Typhoon's tradecraft, targeting selection, and OPSEC across critical infrastructure intrusions — strategic context rather than a fresh incident, but substantive enough (2,900+ words) to use as a reference piece for threat modeling telecom and infrastructure dependencies.

Geopolitical

Sandworm and NoName057 Combined Attempt Against Swedish Thermal Power Plant

NoName057 Sandworm Team

Swedish critical infrastructure targeted in a blended operation combining GRU-linked Sandworm capability with the pro-Russian NoName057 hacktivist front. The state-plus-hacktivist pairing against ICS is a tradecraft pattern worth logging — plausible cover-and-access division of labor rather than noise.

Intelligence

Novel BGP Manipulation Vector in IXP Route Server Architecture

Researcher disclosure of a previously undocumented blind spot in Internet Exchange Point route server configurations enabling BGP manipulation. Relevant to any institution with BGP-adjacent dependencies (transit, anycast DNS, DDoS scrubbing) — worth a conversation with network engineering on upstream IXP exposure.

AI Threats

n8n Workflow Automation Abused for Reconnaissance and Attack Staging

Threat actors operationalizing the legitimate n8n automation platform as recon and credential-harvesting infrastructure. Continues the pattern of living-off-trusted-SaaS (GitHub Actions, HuggingFace, now n8n) — allow-listing by vendor reputation continues to age poorly as an EDR/proxy posture.

Briefs

Vulnerabilities

Krebs April Patch Tuesday Roundup: SharePoint, Adobe Reader, Chrome Dawn (all covered yesterday)

Patch Tuesday summary covering five CVEs with one CISA Known Exploited Vulnerability having exploitation deadline today (2026-04-15), requiring immediate attention.

CVE-2026-32201 CVE-2026-33120 CVE-2026-33825 CVE-2026-34621 CVE-2026-5281

Vulnerabilities

Talos Snort Rule Coverage for April 2026 Patch Tuesday (165 Microsoft CVEs)

Microsoft released 32 security patches including one CISA Known Exploited Vulnerability with due date 2026-04-28, spanning critical infrastructure-relevant products.

CVE-2026-0390 CVE-2026-23666 CVE-2026-26151 CVE-2026-26169 CVE-2026-26173 CVE-2026-26177 CVE-2026-26182 CVE-2026-27906 CVE-2026-27908 CVE-2026-27909 CVE-2026-27913 CVE-2026-27914 CVE-2026-27921 CVE-2026-27922 CVE-2026-32070 CVE-2026-32075 CVE-2026-32093 CVE-2026-32152 CVE-2026-32154 CVE-2026-32155 CVE-2026-32157 CVE-2026-32162 CVE-2026-32190 CVE-2026-32201 CVE-2026-32202 CVE-2026-32225 CVE-2026-33114 CVE-2026-33115 CVE-2026-33824 CVE-2026-33825 CVE-2026-33826 CVE-2026-33827

Vulnerabilities

Multi-Vendor April Patch Roundup: SAP, Fortinet, Adobe, Plus an Anomalous PlugX Software Tag

Cross-vendor Patch Tuesday covering 10 CVEs spanning SAP, Adobe, Microsoft, and Fortinet with one CISA KEV entry due 2026-04-27, environment-relevant to financial infrastructure.

CVE-2026-27282 CVE-2026-27304 CVE-2026-27305 CVE-2026-27306 CVE-2026-27681 CVE-2026-32201 CVE-2026-34619 CVE-2026-34621 CVE-2026-39808 CVE-2026-39813 PlugX

Vulnerabilities

SharePoint-Focused April Coverage With Anomalous CVE-2023-20585 Cisco Reference (likely enrichment artifact)

Microsoft released patches for a SharePoint zero-day vulnerability plus 168 additional flaws in April 2026 security update with CISA KEV designation.

CVE-2023-20585 CVE-2026-21637 CVE-2026-25250 CVE-2026-32201 CVE-2026-32631 CVE-2026-33824 CVE-2026-33825

Vulnerabilities

April 2026 Patch Tuesday: Second-Largest Monthly CVE Volume in Microsoft History

Microsoft's April 2026 Patch Tuesday constitutes the second-largest monthly release in company history with four CVEs and CISA KEV entry due 2026-04-28.

CVE-2026-26149 CVE-2026-32201 CVE-2026-33824 CVE-2026-33825

Vulnerabilities

Duplicate Krebs Patch Tuesday Entry — SimHash Dedup Miss of Story 4208

Researcher-compiled Patch Tuesday covering five CVEs with one CISA KEV entry due for public exploitation disclosure today.

CVE-2026-32201 CVE-2026-33120 CVE-2026-33825 CVE-2026-34621 CVE-2026-5281

AI Threats

Government Intelligence on Reconnaissance Scanning Against AI Model Infrastructure

Government authority releases actionable intelligence on attacker scanning patterns targeting AI model deployments with associated indicators of compromise.

Intelligence

Wacli WhatsApp CLI Analysis With Detection Guidance

Security analysis of Wacli (WhatsApp command-line interface) with detection guidance and associated indicators of compromise.

Intelligence

Suspicious Docker Hub Images Flagged in Supply Chain Analysis

Vendor analysis identifying suspicious Docker container images with potential supply chain security implications.

Malware

Supply Chain Breach Monetization Economics: LAPSUS$, TAG-160, TeamPCP

Analysis of how threat actors including LAPSUS$, TAG-160, and TeamPCP monetize supply chain compromises through credential and access sales.

LAPSUS$ TAG-160 TeamPCP Wiper

Social Engineering

Credit Resources Vault Phishing Campaign With IOCs

Vendor identifies sophisticated phishing campaign impersonating credit resources with detection guidance and malicious indicators.

Malware

108 Malicious Chrome Extensions Removed After Credential Theft From 20k Users

Vendor security research uncovered 108 malicious browser extensions conducting credential theft from Google and Telegram users, subsequently removed from Chrome Web Store.

Social Engineering

Microsoft Adds Windows Defenses Against APT29 Malicious RDP File Technique

Microsoft implements defensive Windows protections targeting APT29's documented technique of weaponizing Remote Desktop configuration files.

APT29

Malware

XLoader/Formbook Infection Analysis With IOCs

Security researcher documents XLoader (Formbook variant) infection with actionable indicators of compromise for detection.

XLoader

Vulnerabilities

Linux Kernel ETS Scheduler Race Condition (Local Priv-Esc, EPSS 0.001)

ZDI-disclosed Linux kernel race condition enabling local privilege escalation with trivial exploitation likelihood (EPSS 0.001).

CVE-2025-71066

Ransomware

Healthcare Sector Threat Retrospective Featuring Qilin Ransomware

Healthcare sector threat analysis identifying top operational risks including Qilin ransomware targeting medical providers.

Qilin Milan Qilin

Vulnerabilities

Kubernetes 1.36 Security Features and Architectural Changes

Kubernetes upstream release notes documenting version 1.36 security enhancements and platform improvements.

CVE-2021-29923

Supply Chain

Dependency Cooldown Policy as Free-Rider Risk in OSS Ecosystems

Analysis of how dependency update cooldown policies in package repositories create security and maintenance externality dynamics.

Embargo Octopus

Vulnerabilities

WPForms Contact Form WordPress Plugin CSRF

Cross-site request forgery vulnerability documented in WPForms plugin affecting WordPress installations up to version 1.10.0.2.

CVE-2026-40764

Vulnerabilities

ThemeGrill Demo Importer WordPress Plugin Authorization Bypass

Authorization control vulnerability in ThemeGrill Demo Importer plugin affecting WordPress installations up to version 2.0.0.6.

CVE-2026-40730

Vulnerabilities

Beaver Builder WordPress Plugin SQL Injection

SQL injection vulnerability in Beaver Builder WordPress plugin affecting versions up to 2.10.1.2.

CVE-2026-40744

Geopolitical

Two U.S. Nationals Sentenced in DPRK Remote IT Worker Sanctions Evasion Scheme ($5M)

Law enforcement action against sanctions evasion network providing remote IT worker services generating $5 million for Democratic People's Republic of Korea.

Attor PLEAD

Geopolitical

FCC Reverses Netgear Router Ban Despite Volt Typhoon Context

Regulatory analysis of FCC decision to reverse Netgear router import restrictions amid state-sponsored threat actor (Volt Typhoon) concerns.

Volt Typhoon